Security
Using an external RADIUS server
Termination-Action: As defined by RFC 2865. If set to 1:
Tunnel-Medium-Type: Used only when assigning a specific VLAN number to a
customer. In this case it must be set to 802.
Tunnel-Private-Group-ID: Used only when assigning a specific VLAN number to a
customer. In this case it must be set to the VLAN ID.
Tunnel-Type: Used only when assigning a specific VLAN number to a customer. In this
case it must be set to VLAN.
Vendor-specific (Microsoft)
Access Reject attributes
Access Reject RADIUS attributes are not supported.
Access Challenge attributes
This table lists all attributes supported in Access Challenge packets for each authentication
type.
Attribute
EAP-Message
Message-Authenticator
State
Descriptions
EAP-Message (string): As defined in RFC 2869.
Message-Authenticator (string): As defined in RFC 2869. Always present even when
not doing an EAP authentication. length = 16 bytes.
State (string): As defined in RFC 2865.
6-8
MAC clients are blocked and must de-associate and then re-associate to start a new
MAC authentication cycle.
Customer traffic is not allowed during the 802.1X re-authentication.
When receiving traffic from a MAC client, the AP starts a new authentication cycle
automatically and the client does not need to re-associate.
MS-MPPE-Recv-Key: As defined by RFC 3078.
MS-MPPE-Send-Key: As defined by RFC 3078.
Admin login
802.1X
✕
✔
✕
✔
✕
✔
MAC
✕
✕
✕